The attack on the WannaCry racket software , which has infected more than 200,000 computers in 150 countries, is unprecedented in its magnitude.

Cyber ​​insurance, for the time uncommon in France, allow companies to cover a loss of operation in the event of an attack. Some insurers reimburse ransom costs.

The attack on the WannaCry racket software , which has infected more than 200,000 computers in 150 countries, is unprecedented in its magnitude. It reflects the sharp increase in cyber risks in companies. In France, nearly six out of ten companies say they were victims of a cyberattack last year, according to a survey conducted by DFCG, the national association of CFOs and management control, and Euler Hermes.

Yet for the moment, few French companies are insured against this risk. Last year, e-insurance sales were valued at $ 50 million by the French Insurance Federation (FFA) and at $ 300 million at the European level. An uncommon amount with the $ 3 billion in sales in the United States! "The regulation of personal data has been strict in the United States since 2004. Companies are therefore aware of theft of information from their customers and are insuring against this risk", justifies Christophe Zaniewski, CEO of AIG France, One of France's leading e-insurance companies. In France, regulations will be tightened next year. Companies affected by cyber attacks must inform the CNIL and their clients (if their data have been diverted). This is likely to encourage more and more companies to insure themselves .

● Which companies are most vulnerable?

"Two types of businesses are particularly vulnerable. The non-professional merchant sites of IT, and software providers and their subcontractors. In this case, they are SSII, Internet service providers or telecommunications companies, "explains François Nédey, technical director of property and liability insurance for Allianz France. "The former are generally not insured, unlike groups specialized in the Internet who make every effort to protect themselves against cyber attacks".

Hackers typically seek to hack customer data from companies they resell later. "Medical data is highly sought after and as expensive as bank data on the darkweb," explains Paul Sterckx, director of financial lines and responsibilities at AIG France, whose turnover in e-insurance doubled every year for two years.

Large companies are generally well covered. On the other hand, given the non-negligible price of these hedges (which may be equivalent to that covering the activity), smaller companies such as SMEs and VSEs do not subscribe to this type of insurance.

● What do insurance cover?

It all depends on the companies. The most frequently used guarantees are those covering loss of operations and those covering the company's liability. "Our policies are mixed and cover both support such as the provision of an emergency hotline and the costs of IT and legal experts, damages suffered by the company such as loss of business and Damage suffered by third parties such as defense costs due to infringement of personal data, "explains Sophie Parisot, cyber product manager at AIG-France. "We also plan to cover the loss of business activity."

We can also cover civil liability. This guarantee is more complex to implement because it is necessary to evaluate the risks of propagation through the company. "We will see an increase in the frequency and severity of cyber attacks. The question of the capacity to insure these risks will arise then "explains François Nédey.

● Is the payment of a ransom refunded?

Some contracts reimburse the payment of a ransom. This is the case, for example, with those of AIG (some of them, however, include a deductible). "But we are here primarily to help companies quickly secure the situation and ensure that they do not have to pay ransoms," says Zaniewski.

At other insurers, this warranty is optional or does not exist at all. However, in some cases, when malware is very difficult to unlock, insurers prefer to repay the ransom (on average between 300 and 1200 euros), rather than paying much more to solve the problem.